International Association for Cryptologic Research (IACR)
Abstract
Gaži et al. [CRYPTO 2014] analyzed the NI-MAC construction proposed by
An and Bellare [CRYPTO 1999] and gave a tight birthday-bound
of $O(\ell q^2/2^n)$, as an improvement over the previous bound of $O(\ell^2 q^2/2^n)$. In this paper, we design a simple extension of NI-MAC, called NI$^+$-MAC, and prove that it has a beyond-birthday (BBB) security bound of order $O(q^2\ell^2/2^{2n})$ provided $\ell \le 2^{n/4}$. Our construction not only lifts the security of NI-MAC beyond birthday, it also reduces the number of keys from 2 (NI uses 2 independent
keys) to 1. Before this work, Yasuda had proposed [FSE 2008] a single
fixed-keyed compression function based BBB-secure MAC with security bound $O(\ell q^2/2^{2n})$ that uses an extra mask and requires storage space to hold that mask.
However, our proposed construction NI$^+$ does not require any extra mask and thereby
has a reduced state size compared to Yasuda's proposal [FSE 2008], while providing the same order of security bound for light-weight applications.